CVE-2025-68670: discovering an RCE vulnerability in xrdp
ID: 13058ccf-afd6-5238-9b3f-5dec37b5114f
STIX ID: report--13058ccf-afd6-5238-9b3f-5dec37b5114f
Feed Name: Securelist by Kaspersky
Kaspersky researchers found and responsibly disclosed CVE-2025-68670, a pre-authentication remote code execution vulnerability in xrdp. Overly long UTF-16 domain strings are converted to UTF-8 and copied into a 256-byte buffer, enabling a stack-based buffer overflow and potential control-flow hijacking. The report includes a PoC, an analysis of mitigation (stack canaries), and a timeline showing the issue was patched and backported by the xrdp maintainers.
